support.microsoft.com suffers from a cross-site scripting vulnerability.
Hello,
I have found that microsoft.com fails to filter HTML properly on some pages.
http://support.microsoft.com/newsgroups/default.aspx?lang=en&cr=US&dg=microsoft.public.ccf&sloc=us');alert('xss<http://support.microsoft.com/newsgroups/default.aspx?lang=en&cr=US&dg=microsoft.public.ccf&sloc=us%27%29;alert%28%27xss>
This causes JavaScript to be executed when a user clicks the help link.
Does anyone know how to get JS executed on page load?
greets,
Thomas
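
The following is an added example, not part of the original post and not Microsoft's code. It assumes, from the shape of the reported value and the click-to-trigger behaviour, that `sloc` is reflected into a single-quoted JavaScript string inside the help link's click handler; `showHelp` and the `helpLink*` builders are hypothetical names. It shows why HTML-encoding alone does not fix this context and what context-aware output encoding looks like.

```javascript
// Added example. showHelp() and the helpLink* builders are hypothetical names.
const REPORTED_SLOC = "us');alert('xss"; // sloc value taken from the reported URL

const htmlAttrEscape = s =>
  String(s).replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);
// Minimal stand-in for the HTML parser's decoding of numeric entities.
const htmlAttrDecode = s =>
  s.replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));

// JS string-literal escaping: every non-alphanumeric UTF-16 unit becomes \uXXXX,
// so quotes, parentheses and backslashes cannot terminate the literal.
const jsStringEscape = s =>
  String(s).replace(/[^A-Za-z0-9]/g,
    c => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));

// Vulnerable pattern: no encoding for either context.
const helpLinkUnsafe = sloc =>
  `<a href="#" onclick="showHelp('${sloc}')">Help</a>`;

// Still vulnerable: the browser decodes entities before parsing the handler as JS.
const helpLinkHtmlOnly = sloc =>
  `<a href="#" onclick="showHelp('${htmlAttrEscape(sloc)}')">Help</a>`;

// Hardened: JS-escape the value first, then HTML-encode the whole handler.
const helpLinkSafe = sloc =>
  `<a href="#" onclick="${htmlAttrEscape(`showHelp('${jsStringEscape(sloc)}')`)}">Help</a>`;

// Simulate a click: decode the attribute as the HTML parser would, then run the
// handler with stubbed showHelp/alert and record which functions were called.
function simulateClick(markup) {
  const handler = htmlAttrDecode(/onclick="([^"]*)"/.exec(markup)[1]);
  const calls = [];
  new Function("showHelp", "alert", handler)(
    arg => calls.push(["showHelp", arg]),
    arg => calls.push(["alert", arg]));
  return calls;
}

for (const build of [helpLinkUnsafe, helpLinkHtmlOnly, helpLinkSafe]) {
  console.log(build.name, JSON.stringify(simulateClick(build(REPORTED_SLOC))));
}
```

If `sloc` only ever carries a short locale code, validating it against an allow-list on the server before it reaches any template removes the problem at the source; that the parameter is a locale code is an assumption here.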